Claims

What is claimed is: 

1. A method for promoting compliance with data protection and privacy laws and
regulations relating to the privacy rights of individuals that comprises:

informing an individual involved in potential disclosure of his/her personal data to an
entity that the entity has certified its compliance with approved privacy and data security
practices that conform to relevant data protection and privacy laws and regulations covering
the use of personal data in at least the individual's or the entity's country of location;

obtaining the individual's consent to have the entity receive, or acknowledgment that
the entity will receive, and use his/her personal data in accordance with a stated policy or with
relevant data protection and privacy laws and regulations covering the use of personal data in
at least the individual's or the entity's country of location;

transmitting to the entity data indicating that the individual has been informed of the 
entity's privacy practices and consented to the entity receiving, or acknowledged that the 
entity will be receiving, and using his/her personal data in accordance with its stated policy or 
with relevant data protection and privacy laws and regulations covering the use of personal
data in at least the individual's or the entity's country of location;

receiving from the entity data comprising personal data collected by the entity from
the individual;

storing said personal data received from the entity; and 

periodically checking whether the entity has complied with the stated policy or with
relevant data protection and privacy laws and regulations covering the use of personal data in
at least the individual's or the entity's country of location.



2. A method according to claim 1 further comprising the step of informing the
individual that the entity is covered by insurance or equivalent risk instrument to protect
against risk of loss or harm caused to the individual arising from misuse or loss of the
individual's personal data by the entity.

3. A method according to claim 1 wherein said data indicating that the
individual has consented to have the entity receive, or acknowledgment that the entity will
receive, and use the individual's personal data comprises data uniquely identifying details
relating to the individual's consent.



4. A method according to claim 3 wherein said data indicating that the individual
has consented to have the entity receive, or acknowledgment that the entity will receive, and
use the individual's personal data and uniquely identifying details relating to the individual's
consent is compressed using a hash function.



5. A method according to claim 4 wherein said data received from the entity
comprising personal data collected by the entity from the individual includes the data
transmitted to the entity uniquely identifying details relating to the individual's consent.



6. A method according to claim 1 performed with a multiplicity of entities and
individuals located in a single country.



7. A method according to claim 1 performed with a multiplicity of entities and
individuals located in a multiplicity of countries.



8. A method according to claim 1 wherein the individual is informed in an
official language of the individual's country of location.

9. A method according to claim 1 conducted as a multi-entity privacy policy
certification program requiring member entities to certify compliance with approved privacy
standards for the use of personal data of individuals and providing such entities with a policy
notice to confirm their approval by, and membership in, the program.



10. A method according to claim 9 wherein the approved standards meet the
standards required by the United States, European Union, or other countries or regional
organizations.

11. A method according to claim 9 further comprising the step of having audits or
other assessments performed upon entities seeking or having membership in the privacy
policy certification program to ensure that the entities' privacy practices satisfy the standards
approved and required by the program.

12. A method according to claim 11 further comprising the step of having random
inspections or audits performed upon member entities to verify compliance by the entities
with their approved privacy practices.

13. A method according to claim 12 wherein, upon discovery of a violation of an
entity's approved privacy practices, notice thereof and a request for correction are provided to
the entity.

14. A method according to claim 13 wherein, upon failure by an entity to comply
with a request for correction, the entity's policy notice is extinguished.

15. A method according to claim 14 wherein, upon any continued improper use of
the policy notice by the entity, an enforcement action to terminate such use is initiated and
notice thereof is provided to an appropriate regulatory authority.



16. A method according to claim 1 wherein the data received from the entity
comprising the individual's stored personal data includes the time period of the individual's
consent or acknowledgment, the length of time that the individual's personal data will be
retained, and an option to extend or renew the individual's consent or acknowledgment, if
desired, notice thereof being provided to the entity and the individual in advance of expiration
of the consent.

17. A method according to claim 16 wherein the individual is provided with the
option of having the individual's personal data deleted from the entity's data storage upon
expiration of the agreement.

18. A method according to claim 2 wherein as prerequisites to membership in the
privacy policy certification program, an entity is required to agree to (a) work with providers
of insurance or equivalent risk instruments to resolve disputes with individuals, and (b)
reimburse providers of insurance or equivalent risk instruments for claims paid to individuals
due to violations of their privacy rights by the entity.

19. A method according to claim 1, wherein the steps of informing the individual,
obtaining the individual's consent or acknowledgment, transmitting data to the entity, and
receiving data from the entity are performed over a computer network.

20. A method according to claim 19 wherein the computer network is the Internet.

21. A system for promoting compliance with data protection and privacy laws and
regulations relating to the privacy rights of individuals that comprises:

means for informing an individual involved in potential disclosure of his/her personal
data to an entity that the entity has certified its compliance with approved privacy and data
security practices that conform to relevant data protection and privacy laws and regulations
covering the use of personal data in at least the individual's or the entity's country of
location;



means for obtaining the individual's consent to have the entity receive, or
acknowledgment that the entity will receive, and use his/her personal data in accordance with
a stated policy or with relevant data protection and privacy laws and regulations covering the
use of personal data in at least the individual's or the entity's country of location;

means for transmitting to the entity data indicating that the individual has been
informed of the entity's privacy practices and consented to the entity receiving, or
acknowledgment that the entity will be receiving, and using his/her personal data in
accordance with its stated policy or with relevant data protection and privacy laws and
regulations covering the use of personal data in at least the individual's or the entity's country
of location;

means for receiving from the entity data comprising personal data collected by the
entity from the individual;

means for storing said personal data received from the entity; and

means for periodically checking whether the entity has complied with the stated policy
or with relevant data protection and privacy laws and regulations covering the use of personal
data in at least the individual's or the entity's country of location.

22. A system according to claim 21 further comprising means for informing the
individual that the entity is covered by insurance or equivalent risk instrument to protect
against risk of loss or harm caused to the individual arising from misuse or loss of the
individual's personal data by the entity.

23. A system according to claim 21 wherein said data indicating that the
individual has consented to have the entity receive, or acknowledgment that the entity will
receive, and use the individual's personal data comprises data uniquely identifying details
relating to the individual's consent.



24. A system according to claim 23 wherein said data indicating that the 
individual has consented to have the entity receive, or acknowledgment that the entity will 
receive, and use the individual's personal data and uniquely identifying details relating to the 
individual's consent is compressed using a hash function. 



25. A system according to claim 24 wherein said data received from the entity
comprising personal data collected by the entity from the individual includes the data
transmitted to the entity uniquely identifying details relating to the individual's consent.

26. A system according to claim 21 wherein the individual is informed in an
official language of the individual's country of location.

27. A system according to claim 21 comprising means for conducting a
multi-entity privacy policy certification program requiring member entities to certify
compliance with approved privacy standards for the use of personal data of individuals and
means for providing such entities with a policy notice to confirm their approval by, and
membership in, the program.

28. A system according to claim 27 wherein the approved standards meet the
standards required by the United States, European Union, or other countries or regional
organizations.

29. A system according to claim 27 further comprising means for having audits or
other assessments performed upon entities seeking or having membership in the privacy
policy certification program to ensure that the entities' privacy practices satisfy the standards
approved and required by the program.

30. A system according to claim 29 further comprising means for having random
inspections or audits performed upon member entities to verify compliance by the entities
with their approved privacy practices.

31. A system according to claim 30 further comprising means for providing notice
to an entity of a violation of the entity's approved privacy practices upon discovery thereof
and means for providing a request for correction to the entity.



32. A system according to claim 31 further comprising means for extinguishing an
entity's policy notice upon failure by the entity to comply with a request for correction.



33. A system according to claim 32 further comprising means for, upon any
continued improper use of a policy notice by an entity, providing to an appropriate regulatory
authority notice of such improper use, and initiating an enforcement action to terminate such
use.

34. A system according to claim 21 wherein the data received from the entity
comprising the individual's stored personal data includes the time period of the individual's
consent or acknowledgment, the length of time that the individual's personal data will be
retained, and an option to extend or renew the individual's consent or acknowledgment, if
desired, notice thereof being provided to the entity and the individual in advance of expiration
of the consent.

35. A system according to claim 34 further comprising means for providing the
individual with the option of having the individual's personal data deleted from the entity's
data storage upon expiration of the agreement.

36. A system according to claim 22 wherein as prerequisites to membership in the
privacy policy certification program, an entity is required to agree to (a) work with providers
of insurance or equivalent risk instruments to resolve disputes with individuals, and (b)
reimburse providers of insurance or equivalent risk instruments for claims paid to individuals
due to violations of their privacy rights by the entity.

37. A system according to claim 21, wherein the means for informing the
individual, obtaining the individual's consent or acknowledgment, transmitting data to the
entity, and receiving data from the entity comprise a computer network.

38. A system according to claim 37 wherein the computer network is the Internet.